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AMENDMENTS TO THE CLAIMS 
This listing of claims replaces all prior versions, and listings, of claims in the application: 

1 1 . (Currently Amended) A method of dynamically protecting access to a first 

2 network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of a data unit; 

5 matching the source address with information stored in the system; and 

- 6 enabling entry of the data unit to the first network for communication to a 

7 destination device on the first network if the source address matches the information stored in the 

8 system and denying entry of the data unit to the first network if the source address does not 

9 match the information stored in the system,, 

10 wherein the destination device is separate from the system . 

1 2. (Original) The method of claim 1 , wherein matching the source address with the 

2 information comprises matching the source address with one or more entries of a network 

3 address translation mapping table. 

1 3. (Original) The method of claim 1, wherein matching the source address 

2 comprises matching an Internet Protocol address. 

1 4. (Currently Amended) Th e m e thod of claim 1, A method of dynamically 

2 protecting access to a first network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of a data unit; 

5 matching the source address with information stored in the system; and 

6 enabling entry of the data unit to the first network if the source address matches 

7 the information stored in the system and denying entry of the data unit to the first network if the 

8 source address does not match the information stored in the system, 

9 wherein receiving the data unit comprises receiving a data unit containing media 
10 associated with a call session. 
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1 5. (Currently Amended) Th e m e thod of claim L furth e r comprising A method of 

2 dynamically protecting access to a first network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 
. 4 of a data unit; 

5 matching the source address with information stored in the system; 

- 6 enabling entry of the data unit to the first network if the source address matches 

7 the information stored in the system and denying entry of the data unit to the first network if the 

8 source address does not match the information stored in the system; and 

9 determining if the data unit contains a payload according to a predetermined 

10 protocol, and denying entry of the data unit if the data unit does not contain payload according to 

1 1 the predetermined protocol. 

1 6. (Original) The method of claim 5, wherein determining if the data unit contains a 

2 payload according to the predetermined protocol comprises determining if the data unit contains 

3 a payload according to a Real-Time Protocol or Real-Time Control Protocol. 

1 7. (Currently Amended) Th e m e thod of claim L furth e r comprising A method of 

2 dynamically protecting access to a first network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of a data unit; 

5 matching the source address with information stored in the system; 

6 enabling entry of the data unit to the first network if the source address matches 

7 the information stored in the system and denying entry of the data unit to the first network if the 

8 source address does not match the information stored in the system; and 

9 storing profile information for eaeh a call session, and determining if an 
10 unauthorized access of the first network is occurring based on the profile information. 
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1 8. (Original) The method of claim 7, wherein storing the profile information 

2 comprises storing a threshold representing a maximum acceptable rate of incoming data units 

3 from an external network to the first network. 

1 9. (Original) The method of claim 8, further comprising calculating a value for the 

2 threshold based on a frame size used in the call session. 

1 10. (Original) The method of claim 8, wherein storing the profile information further 

2 comprises storing a pattern expected in incoming data units. 

1 11. (Original) The method of claim 10, wherein storing the pattern comprises storing 

2 a codec type used in the call session. 

1 12. (Original) The method of claim 8, further comprising generating an alarm if the 

2 system detects a rate of incoming data units from the external network to the first network 

3 exceeding the threshold. 

1 13. (Original) The method of claim 8, further comprising denying further transport of 

2 incoming data units from the external network to the first network for the call session if the 

3 system detects a rate of incoming data units from the external network to the first network 

4 exceeding the threshold. 

1 14. (Currently Amended) An article comprising at least one storage medium 

2 containing instructions for protecting a first network, the instructions when executed causing a 

3 system to: 

4 determine if a rate of incoming data units from an external network to the first 

5 network exceeds a predetermined threshold in a given call session ; and 

6 perform a security action if the determined rate of incoming data units exceeds the 

7 predetermined threshold. 
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1 15. (Cancelled) 

1 16. (Currently Amended) The article of claim [[15]] 14, wherein the instructions 

2 when executed cause the system to further store plural thresholds for corresponding plural call 

3 sessions. 

' 1 17. (Currently Amended) The article of claim [[15]] 14, wherein the instructions 

2 when executed cause the system to further calculate the predetermined threshold based at least in 

3 part on a frame size used in the call session. 

1 18. (Currently Amended) Th e articl e of claim 1 4 , wh e r e in th e instructions wh e n 

2 execut e d caus e th e syst e m to furth e r An article comprising at least one storage medium 

3 containing instructions for protecting a first network, the instructions when executed causing a 

4 system to: 

5 determine if a rate of incoming data units from an external network to the first 

6 network exceeds a predetermined threshold; 

7 perform a security action if the determined rate of incoming data units exceeds the 

8 predetermined threshold; and 

9 determine if each incoming packet has a predetermined pattern. 

1 19. (Original) The article of claim 18, wherein the instructions when executed cause 

2 the system to determine if each incoming packet has the predetermined pattern by checking if 

3 each incoming packet has an indication of a predetermined codec type. 

1 20. (Cancelled) 
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1 21. (Currently Amended) Th e system of claim 20. A system for use in 

2 communications between a first network and an external network, comprising: 

3 a storage module to store a threshold value for a communications session, the 

4 threshold value representing an acceptable rate of incoming data units from the external network 

5 to the first network; and 

6 a controller adapted to deny further entry of data units from the external network 

■ 7 to the first network in the communications session in response to the controller detecting that the 

8 rate of incoming data units exceeds the threshold value, 

9 the storage module to further store address information, wherein the controller is 

10 adapted to compare a source address of an incoming data unit with the address information 

1 1 stored in the system and to deny further entry of the incoming data unit if the source address does 

12 not match the address information stored in the system. 

1 22. (Original) The system of claim 21 , wherein the address information comprises a 

2 network address translation table. 

1 23. (Original) The system of claim 22, wherein the network address translation table 

2 comprises a network address and port translation table. 

1 24. (Original) The system of claim 21, wherein the controller is adapted to further 

2 check if the incoming data unit contains a Real-Time Protocol or Real-Time Control Protocol 

3 payload, and to deny further entry of the incoming data unit if the incoming data unit does not 

4 contain a Real-Time Protocol or Real-Time Control Protocol payload. 
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1 25. (Currently Amended) Th e syst e m of claim 20, A system for use in 

2 communications between a first network and an external network, comprising: 

3 a storage module to store a threshold value for a communications session, the 

4 threshold value representing an acceptable rate of incoming data units from the external network 

5 to the first network; and 

6 a controller adapted to deny further entry of data units from the external network 

• 7 to the first network in the communications session in response to the controller detecting that the 

8 rate of incoming data units exceeds the threshold value, 

9 the storage module to further store a codec type for the communications session, 

10 wherein the controller is adapted to deny entry of an incoming data unit if the incoming data unit 

1 1 does not contain an indication of the codec type. 
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